US12348554B2 · Active · Utility · PatentIndex 62
Threat mitigation system and method
Est. expiry: Feb 23, 2043 (~16.6 yrs left) · nominal 20-yr term from priority
Inventors: MURPHY BRIAN P; PARTLOW JOE; O'CONNOR COLIN; PFEIFFER JASON; MURPHY BRIAN PHILIP; ECHAVARRIA JONATHAN R
CPC classifications: H04L 41/16; G06F 40/56; G06F 21/566; G06N 3/0475; G06F 2221/034; G06F 40/154; G06F 40/103; H04L 63/1425; G06F 21/554; G06F 21/552; H04L 63/1416; G06F 16/345; H04L 63/1441
PatentIndex Score: 62 · Cited by: 0 · References: 168 · Claims: 24
Abstract
A computer-implemented method, computer program product and computing system for establishing connectivity with a plurality of security-relevant subsystems within a computing platform; receiving an initial notification of a security event from one of the security-relevant subsystems, wherein the initial notification includes a computer-readable language portion that defines one or more specifics of the security event; and iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification.
Claims (exact text as granted, not AI-modified)
What is claimed is:
1. A computer-implemented method executed on a computing device comprising:
training one or more agents to detect security events based upon one or more of archived data concerning activities and supplemental information;
monitoring, by the one or more agents deployed within one or more of a plurality of security-relevant subsystems within a computing platform, activity within the one or more of the plurality of security-relevant subsystems;
establishing connectivity with the plurality of security-relevant subsystems within the computing platform;
receiving an initial notification of a security event from one of the security-relevant subsystems, wherein the initial notification includes a computer-readable language portion that defines one or more specifics of the security event;
iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification;
prompting a user to provide feedback concerning the summarized human-readable report; and
revising the formatting script based upon, at least in part, provided feedback;
wherein the formatting is revised, at least in part, to produce a new summarized human-readable report with updated recommended mitigation actions.
2. The computer-implemented method of claim 1 wherein receiving an initial notification of a security event from one of the security-relevant subsystems includes:
receiving the initial notification of the security event from an agent executed on one of the security-relevant subsystems.
3. The computer-implemented method of claim 1 wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
iteratively processing the initial notification using the generative AI model, the formatting script and/or one or more tools to produce the summarized human-readable report for the initial notification.
4. The computer-implemented method of claim 3 wherein the one or more tools includes one or more of:
a decoding tool to decode an encoded initial notification;
a decompression tool to decompress a compressed initial notification; and
an identification tool to identify an owner of a domain associated with the initial notification.
5. The computer-implemented method of claim 1 wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
iteratively processing the initial notification using a large language model.
6. The computer-implemented method of claim 1 wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
utilizing prompt engineering to produce the summarized human-readable report for the initial notification.
7. The computer-implemented method of claim 1 wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
utilizing several loops and/or nested loops to produce the summarized human-readable report for the initial notification.
8. The computer-implemented method of claim 1 wherein the summarized human-readable report defines recommended next steps and/or disclaimers.
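The method claims above describe a pipeline: a notification with a machine-readable portion arrives from a security-relevant subsystem, decoding and decompression tools are applied in a bounded loop, a generative model plus a formatting script turn the result into a human-readable report with recommended next steps and disclaimers, and user feedback revises the formatting script. The following is an added example written for this page, not code from the patent or its assignee. It assumes (none of this is in the claims) that the notification is a JSON object whose portion is a string with a list of encoding layers ("gzip", "base64"), that the generative AI model is a pluggable callable replaced here by a deterministic rule-based stand-in so the pipeline can run offline, and that the formatting script is an ordered list of section names. All sample inputs are constructed. Because the decompression tool handles input from subsystems the platform does not fully control, it caps the decompressed size, a check the claims do not mention but which any deployment of such a tool needs.

```python
# Added example (not the patent's or assignee's code); see the lead-in for assumptions.
import base64
import gzip
import io
import json
from typing import Callable, Dict, List

# Notifications come from subsystems outside the report generator's trust boundary, so the
# decompression tool enforces a size cap (guards against decompression bombs).
MAX_DECOMPRESSED_BYTES = 1 << 20


def decode_tool(data: bytes) -> bytes:
    """Decoding tool (claim 4): strict base64 so malformed input fails instead of being guessed."""
    return base64.b64decode(data, validate=True)


def decompress_tool(data: bytes) -> bytes:
    """Decompression tool (claim 4) that refuses output larger than the cap."""
    with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
        out = gz.read(MAX_DECOMPRESSED_BYTES + 1)
    if len(out) > MAX_DECOMPRESSED_BYTES:
        raise ValueError("decompressed notification exceeds size cap")
    return out


TOOLS: Dict[str, Callable[[bytes], bytes]] = {"base64": decode_tool, "gzip": decompress_tool}


def unwrap_notification(notification: Dict) -> Dict:
    """Peel the encoding layers in reverse order of application (bounded loop, claim 7)."""
    data = notification["portion"].encode("ascii")
    for layer in reversed(notification.get("encoding", [])):
        if layer not in TOOLS:
            raise ValueError(f"unknown encoding layer: {layer}")
        data = TOOLS[layer](data)
    return json.loads(data)


# Recommended mitigation per event type (constructed table; a real deployment would take
# these from its own playbooks).
MITIGATIONS = {
    "credential_stuffing": "Lock affected accounts, enforce MFA, and review source IP reputation.",
    "malware_execution": "Isolate the host from the network and collect a memory image.",
}


def rule_based_summarizer(event: Dict) -> Dict[str, str]:
    """Stand-in for the generative model (assumption): one text block per report section."""
    kind = event.get("type", "unknown")
    return {
        "summary": f"{kind} on {event.get('host', '?')} reported by {event.get('source', '?')}.",
        "indicators": ", ".join(event.get("indicators", [])) or "none recorded",
        "next_steps": MITIGATIONS.get(kind, "Escalate to an analyst for triage."),
        "disclaimer": "Automatically generated; verify before acting.",
    }


DEFAULT_FORMATTING_SCRIPT: List[str] = ["summary", "indicators", "next_steps"]


def render_report(notification: Dict, script: List[str],
                  model: Callable[[Dict], Dict[str, str]] = rule_based_summarizer) -> str:
    """Produce the human-readable report: unwrap, summarize, then lay out sections per script."""
    event = unwrap_notification(notification)
    sections = model(event)
    return "\n".join(f"[{name}] {sections[name]}" for name in script if name in sections)


def revise_formatting_script(script: List[str], feedback: Dict[str, List[str]]) -> List[str]:
    """Revise the script from user feedback (claim 1): drop or append sections, keeping order."""
    removed = set(feedback.get("remove", []))
    revised = [s for s in script if s not in removed]
    revised += [s for s in feedback.get("add", []) if s not in revised]
    return revised


def make_sample_notification() -> Dict:
    """Constructed sample: gzip-compressed, base64-encoded event from a hypothetical IAM gateway."""
    event = {"type": "credential_stuffing", "host": "sso-01", "source": "iam-gateway",
             "indicators": ["203.0.113.7", "user=jdoe"]}
    raw = gzip.compress(json.dumps(event).encode())
    return {"subsystem": "iam-gateway", "encoding": ["gzip", "base64"],
            "portion": base64.b64encode(raw).decode("ascii")}


def make_oversized_notification() -> Dict:
    """Constructed sample whose portion inflates past the cap; unwrapping it must fail."""
    raw = gzip.compress(b"0" * (2 * MAX_DECOMPRESSED_BYTES))
    return {"subsystem": "unknown", "encoding": ["gzip", "base64"],
            "portion": base64.b64encode(raw).decode("ascii")}


if __name__ == "__main__":
    note = make_sample_notification()
    script = DEFAULT_FORMATTING_SCRIPT
    print(render_report(note, script))
    # User feedback: drop raw indicators, append the disclaimer; re-render with the revised script.
    script = revise_formatting_script(script, {"remove": ["indicators"], "add": ["disclaimer"]})
    print(render_report(note, script))
```

Swapping `rule_based_summarizer` for a call into an actual language model keeps the rest of the pipeline unchanged; the decoding and size-capped decompression steps run before any model sees the content, and the formatting script stays a plain data structure that feedback can edit without touching the model.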
9. A computer program product residing on a non-transitory computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause the processor to perform operations comprising:
training one or more agents to detect security events based upon one or more of archived data concerning activities and supplemental information;
monitoring, by the one or more agents deployed within one or more of a plurality of security-relevant subsystems within a computing platform, activity within the one or more of the plurality of security-relevant subsystems;
establishing connectivity with the plurality of security-relevant subsystems within the computing platform;
receiving an initial notification of a security event from one of the security-relevant subsystems, wherein the initial notification includes a computer-readable language portion that defines one or more specifics of the security event;
iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification;
prompting a user to provide feedback concerning the summarized human-readable report; and
revising the formatting script based upon, at least in part, provided feedback;
wherein the formatting is revised, at least in part, to produce a new summarized human-readable report with updated recommended mitigation actions.
10. The computer program product of claim 9 wherein receiving an initial notification of a security event from one of the security-relevant subsystems includes:
receiving the initial notification of the security event from an agent executed on one of the security-relevant subsystems.
11. The computer program product of claim 9 wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
iteratively processing the initial notification using the generative AI model, the formatting script and/or one or more tools to produce the summarized human-readable report for the initial notification.
12. The computer program product of claim 11 wherein the one or more tools includes one or more of:
a decoding tool to decode an encoded initial notification;
a decompression tool to decompress a compressed initial notification; and
an identification tool to identify an owner of a domain associated with the initial notification.
13. The computer program product of claim 9 wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
iteratively processing the initial notification using a large language model.
14. The computer program product of claim 9 wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
utilizing prompt engineering to produce the summarized human-readable report for the initial notification.
15. The computer program product of claim 9 wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
utilizing several loops and/or nested loops to produce the summarized human-readable report for the initial notification.
16. The computer program product of claim 9 wherein the summarized human-readable report defines recommended next steps and/or disclaimers.
17. A computing system comprising:
a hardware processor and physical memory configured to perform operations comprising:
training one or more agents to detect security events based upon one or more of archived data concerning activities and supplemental information;
monitoring, by the one or more agents deployed within one or more of a plurality of security-relevant subsystems within a computing platform, activity within the one or more of the plurality of security-relevant subsystems;
establishing connectivity with the plurality of security-relevant subsystems within the computing platform;
receiving an initial notification of a security event from one of the security-relevant subsystems, wherein the initial notification includes a computer-readable language portion that defines one or more specifics of the security event;
iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification;
prompting a user to provide feedback concerning the summarized human-readable report; and
revising the formatting script based upon, at least in part, provided feedback;
wherein the formatting is revised, at least in part, to produce a new summarized human-readable report with updated recommended mitigation actions.
18. The computing system of claim 17 wherein receiving an initial notification of a security event from one of the security-relevant subsystems includes:
receiving the initial notification of the security event from an agent executed on one of the security-relevant subsystems.
19. The computing system of claim 17 wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
iteratively processing the initial notification using the generative AI model, the formatting script and/or one or more tools to produce the summarized human-readable report for the initial notification.
20. The computing system of claim 19 wherein the one or more tools includes one or more of:
a decoding tool to decode an encoded initial notification;
a decompression tool to decompress a compressed initial notification; and
an identification tool to identify an owner of a domain associated with the initial notification.
21. The computing system of claim 17 wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
iteratively processing the initial notification using a large language model.
22. The computing system of claim 17 wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
utilizing prompt engineering to produce the summarized human-readable report for the initial notification.
23. The computing system of claim 17 wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
utilizing several loops and/or nested loops to produce the summarized human-readable report for the initial notification.
24. The computing system of claim 17 wherein the summarized human-readable report defines recommended next steps and/or disclaimers.
Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.